Bug#913497: RM: spice-xpi -- RoQA; obsolete, orphaned

2018-11-11 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove spice-xpi from the archive. It's orphaned without an adopter since 2015 and broken with Firefox 60. Cheers, Moritz

Bug#913445: Broken with Thunderbird 60

2018-11-10 Thread Moritz Muehlenhoff
Source: imap-acl-extension Severity: grave When installing the plugin on Thunderbird 60, it's disabled and only prints "IMAP-ACL-Extension is incompatible with Thunderbird 60.3" on stretch and sid. TB 60 was uploaded to stretch two months ago (and three months ago to sid), given that noone

Bug#913443: Broken with Thunderbird 60

2018-11-10 Thread Moritz Muehlenhoff
Package: xul-ext-tbdialout Version: 1.7.2-2 Severity: grave The plugin is broken with Thunderbird 60 in stretch and sid, after installation it's disabled and only prints "TBDialOut is incompatible with Thunderbird 60.3". TB 60 was uploaded to stretch two months ago (and three months ago to sid),

Bug#913436: RM: personasplus/1.7.8-1

2018-11-10 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Thunderbird 60 and Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

2018-11-08 Thread Moritz Muehlenhoff
On Thu, Nov 08, 2018 at 07:42:35PM +0100, Markus Koschany wrote: > Am 08.11.18 um 19:34 schrieb Moritz Mühlenhoff: > [...] > > So upon a closer look this seems to only affect the 8.x releases of the > > connector (Oracle only lists those affected release series which are > > affected and this only

Bug#913166: CVE-2018-17095

2018-11-07 Thread Moritz Muehlenhoff
Source: audiofile Severity: important Tags: security Please see https://security-tracker.debian.org/tracker/CVE-2018-17095 Cheers, Moritz

Bug#913165: CVE-2018-7727 CVE-2018-7726 CVE-2018-7725

2018-11-07 Thread Moritz Muehlenhoff
Source: zziplib Severity: important Tags: security Please see https://security-tracker.debian.org/tracker/CVE-2018-7727 https://security-tracker.debian.org/tracker/CVE-2018-7726 https://security-tracker.debian.org/tracker/CVE-2018-7725 Cheers, Moritz

Bug#913164: CVE-2018-18897

2018-11-07 Thread Moritz Muehlenhoff
Source: poppler Severity: normal Tags: security This was assigned CVE-2018-18897: https://gitlab.freedesktop.org/poppler/poppler/issues/654 Cheers, Moritz

Bug#913162: CVE-2018-10851 CVE-2018-14626 CVE-2018-14644

2018-11-07 Thread Moritz Muehlenhoff
Package: pdns-recursor Severity: grave Tags: security Please see CVE-2018-10851: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html https://downloads.powerdns.com/patches/2018-04/ CVE-2018-14626:

Bug#913163: CVE-2018-14626 CVE-2018-10851

2018-11-07 Thread Moritz Muehlenhoff
Source: pdns Severity: grave Tags: security Please see: CVE-2018-10851: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html https://downloads.powerdns.com/patches/2018-03/ CVE-2018-14626:

Bug#913095: CVE-2018-18778

2018-11-06 Thread Moritz Muehlenhoff
Package: mini-httpd Severity: grave Tags: security See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18778 (The package seems unmaintained, if that's the case, don't NMU, but keep it out of buster via auto-removals (and eventual archive removal unless adopted)) Cheers, Moritz

Bug#912812: RM: knot-resolver/1.2.0-1

2018-11-03 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove knot-resolver by the next point release. It has open security issues which can't be backported sensibly. Cheers, Moritz

Bug#912731: RM: form-history-control/1.4.0.6-1

2018-11-03 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60 (but fixed in buster), please remove from stretch. Cheers, Moritz

Bug#912733: RM: lightbeam/1.3.1+dfsg-1

2018-11-03 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60 (but fixed in buster). Please remove from stretch. Cheers, Moritz

Bug#912732: RM: tree-style-tab/0.18.2016111701-1

2018-11-03 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60 (but fixed in buster). Please remove from stretch. Cheers, Moritz

Bug#912730: RM: useragentswitcher/0.7.3-3

2018-11-03 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912729: RM: colorfultabs/31.1.0+dfsg-1

2018-11-03 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912672: RM: greasemonkey/3.8-1

2018-11-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912671: RM: uppity/1.5.8-5

2018-11-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912670: RM: foxyproxy/4.5.6-debian-2

2018-11-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912668: RM: pwdhash/1.7.4-1

2018-11-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912669: RM: autofill-forms/1.1.3-1

2018-11-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912667: RM: tabmixplus/0.5.0.1-1

2018-11-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912666: RM: webdeveloper/1.2.5+repack-3

2018-11-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912659: RM: firexpath/0.9.7.1-3

2018-11-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912660: RM: dactyl/1.2~r20151231-1

2018-11-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912658: RM: custom-tab-width/1.1-1

2018-11-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912657: RM: firegestures/1.10.9-1

2018-11-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove. Cheers, Moritz

Bug#912626: RM: livehttpheaders/0.17.1-2

2018-11-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove from stretch, it's broken with Firefox 60. Cheers, Moritz

Bug#912625: RM: scrapbook/1.5.13-3

2018-11-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove from stretch, it's broken with Firefox 60. Cheers, Moritz

Bug#912623: RM: livehttpheaders -- RoQA; Broken with current Firefox, replaced

2018-11-01 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove livehttpheaders. It's broken with Firefox Quantum and has mostly been replaced by Firefox Developer Tools. Cheers, Moritz

Bug#912622: RM: all-in-one-sidebar/0.7.28-2

2018-11-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove all-in-one-sidebar from stretch. It's broken with Firefox 60. Cheers, Moritz

Bug#912621: RM: all-in-one-sidebar -- RoQA; Broken with Firefox 60, dead upstream

2018-11-01 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Hi, please remove all-in-one-sidebar. It's incompatible with Firefox Quantum and dead upstream: http://firefox.exxile.net/aios/end_of_development.php Cheers, Moritz

Bug#912620: RM: perspectives-extension/4.6.4-1

2018-11-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove. Cheers, Moritz

Bug#912619: RM: perspectives-extension -- RoQA; broken with Firefox Quantum, dead upstream

2018-11-01 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove perspectives-extension. It's broken with Firefox >= 57 and dead upstream. Cheers, Moritz

Bug#912615: RM: status-4-evar/2016.10.11.01-1

2018-11-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove. Cheers, Moritz

Bug#912614: RM: itsalltext/1.9.2-2

2018-11-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove. Cheers, Moritz

Bug#912613: RM: reloadevery/45.0.0-2

2018-11-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stretch. Cheers, Moritz

Bug#912612: RM: sage-extension/1.5.4-2

2018-11-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, please remove from stable. Cheers, Moritz

Bug#912465: RM: mozvoikko/2.2-0.1

2018-10-31 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove mozvoikko from stretch, it's broken with Firefox 60. Removal from sid was filed in #912457. Cheers, Moritz

Bug#912457: RM: mozvoikko -- RoQA; broken with Firefox 57+

2018-10-31 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove mozvoikko, it's broken with current Firefox releases as the necessary API got removed by Mozilla in the Quantum rearchitecture efforts. Cheers, Moritz

Bug#912333: openjdk-8-jdk: breaks maven-surefire-plugin (security-caused regression)

2018-10-30 Thread Moritz Muehlenhoff
On Tue, Oct 30, 2018 at 05:41:42PM +0100, Thorsten Glaser wrote: > Doko, we need a fix for this for openjdk-8 at least > (openjdk-10 users can just upgrade to 11 which doesn’t > exhibit those problems), kinda urgently. This is an intentional upstream change | Improved Validation of Class-Path

Bug#911966: RM: crossroads -- RoQA; dead upstream, orphaned for a long time, alternatives exist

2018-10-26 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Hi, please remove crossroads from the archive. It's orphaned since 2010 without an adopter, alternatives exist and upstream is dead (website has vanished a year ago and previously the last release was from 2013). Cheers, Moritz

Bug#911950: RM: wesnoth-1.12/1:1.12.6-1

2018-10-26 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove wesnoth-1.12 by the next stretch point release. It's affected by CVE-2018-1999023. (People can still install wesnoth-1.14 from stretch-backport as an alternative) Cheers,

Bug#911797: Multiple vulnerabilities

2018-10-24 Thread Moritz Muehlenhoff
Source: open-build-service Severity: grave Tags: security Please verify whether these affect OBS as packaged in Debian: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12477 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12478

Bug#911796: CVE-2018-14642

2018-10-24 Thread Moritz Muehlenhoff
Source: undertow Severity: important Tags: security Limited details so far: https://bugzilla.redhat.com/show_bug.cgi?id=1628702 Cheers, Moritz

Bug#911795: CVE-2018-17846 / CVE-2018-17847 / CVE-2018-17848

2018-10-24 Thread Moritz Muehlenhoff
Source: golang-golang-x-net-dev Severity: important Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17848

Bug#911546: RM: letodms -- RoQA; unmaintained, dead upstream, depends on obsolete libs

2018-10-21 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove letodms: - It's unmaintained (last upload in 2016, no followup to bugs like #780964) - Dead upstream (#838487) - Dropped from testing in Jan 2017 - Virtually no popcon - Blocks the removal of src:zendframework, see #904565 Cheers,

Bug#907298: CVE-2018-15869

2018-10-18 Thread Moritz Muehlenhoff
On Thu, Oct 18, 2018 at 10:24:44AM +0200, Moritz Muehlenhoff wrote: > On Thu, Oct 18, 2018 at 04:01:11PM +0800, Shengjing Zhu wrote: > > On Thu, Oct 18, 2018 at 08:54:51AM +0100, Ian Campbell wrote: > > > On Thu, 2018-10-18 at 11:48 +0800, Shengjing Zhu wrote: >

Bug#907298: CVE-2018-15869

2018-10-18 Thread Moritz Muehlenhoff
On Thu, Oct 18, 2018 at 04:01:11PM +0800, Shengjing Zhu wrote: > On Thu, Oct 18, 2018 at 08:54:51AM +0100, Ian Campbell wrote: > > On Thu, 2018-10-18 at 11:48 +0800, Shengjing Zhu wrote: > > > Package: awscli > > > Followup-For: Bug #907298 > > > > > > The corresponding bug on Redhat is closed as

Bug#893448: please add a chromium-source binary package

2018-10-15 Thread Moritz Muehlenhoff
On Mon, Oct 15, 2018 at 11:00:24AM -0700, Jonathan Nieder wrote: > Hi, > > Emilio Pozuelo Monfort wrote: > Michael Gilbert wrote: > > > Major updates to chromium in stable have so far been contingent on it > > being a leaf package, where there is no chance for it to break > >

Bug#910787: Prerm script doesn't stop Diamond, preventing clean purge

2018-10-11 Thread Moritz Muehlenhoff
Source: diamond Severity: important I noticed that upon removal the diamond service isn't properly cleaned up and ends up being in a failed state in systemctl. This seems caused by the broken prerm script, which doesn't correctly stop the service: prerm has the following: | # Stop diamond if

Bug#910690: RM: adblock-plus-element-hiding-helper/1.3.8-1

2018-10-09 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove adblock-plus-element-hiding-helper. It's broken with current Firefox and dead upstream, removal from unstable has been requested as well. Cheers, Moritz

Bug#910689: RM: adblock-plus-element-hiding-helper -- RoQA; broken with current Firefox, dead upstream

2018-10-09 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove adblock-plus-element-hiding-helper. It's broken with the latest Firefox releases and dead upstream. Removal has been acked by David in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906848#20 Cheers, Moritz

Bug#910688: RM: openinbrowser -- RoQA; incompatible with newer firefox-esr versions

2018-10-09 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove openinbrowser, it's broken with ESR60 and has been removed from unstable in #910624. Cheers, Moritz

Bug#910624: RM: openinbrowser -- RoQA; broken with Firefox ESR60

2018-10-08 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Hi, please remove openinbrowser. It's broken with Firefox ESR60 and has been orphaned since 2013. If there's any renewed interest, https://github.com/Rob--W/open-in-browser can be packaged. Cheers, Moritz

Bug#905215: CVE-2018-2941

2018-10-07 Thread Moritz Muehlenhoff
On Sun, Oct 07, 2018 at 01:04:38PM +0200, Markus Koschany wrote: > Hi, > > On Wed, 01 Aug 2018 16:45:30 +0200 Moritz Muehlenhoff > wrote: > > Source: openjfx > > Severity: grave > > Tags: security > > > > http://www.oracle.com/technetwork/security-advi

Bug#910396: stretch-pu: package libgd2/2.2.4-2+deb9u3

2018-10-05 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Two minor security issues fixed in libgd2, not worth a DSA. Debdiff below. Cheers, Moritz diff -Nru libgd2-2.2.4/debian/changelog libgd2-2.2.4/debian/changelog ---

Bug#910383: RM: spdy-indicator/2.2-1

2018-10-05 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox ESR 60, filed for removal from unstable in 910382. Cheers, Moritz

Bug#910382: RM: spdy-indicator -- RoQA; broken with current Firefox, dead upstream

2018-10-05 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove spdy-indicator. It's broken with current Firefox and the maintainer agreed to it's removal in #906826. Cheers, Moritz

Bug#909607: CVE-2018-17336

2018-09-25 Thread Moritz Muehlenhoff
Package: udisks2 Version: 2.7.6-3 Severity: grave Tags: security This was assigned http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17336: https://github.com/storaged-project/udisks/issues/578 Cheers, Moritz

Bug#909605: RM: flashgot/1.5.6.13+dfsg-1

2018-09-25 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm This addon is broken with Firefox 60 and has been requested for removal in sid in #908119, please also remove for stretch. Cheers, Moritz

Bug#909597: RM: firebug/2.0.17-1

2018-09-25 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60. Filed for removal from sid in #909538 Cheers, Moritz

Bug#909596: RM: searchload-options/0.8.0-2

2018-09-25 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, filed for removal from sid in #909054 Cheers, Moritz

Bug#909594: RM: automatic-save-folder -- RoQA; dead upstream, broken with Firefox 60

2018-09-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal This addon is broken with Firefox 60 and is dead upstream (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906887), please remove. Cheers, Moritz

Bug#909595: RM: automatic-save-folder/1.0.5~20140831-4

2018-09-25 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60 and upstream upstream, removal bug has been filed for unstable. Cheers, Moritz

Bug#909593: RM: grafana-zabbix -- RoQA; orphaned, depends on grafana

2018-09-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please also remove grafana-zabbix, it's related to the grafana RM bug I just filed. Cheers, Moritz

Bug#909592: RM: grafana -- RoQA; orphaned, outdated, RC-buggy

2018-09-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove grafana. It's orphaned for a year without an adopter, security-buggy, RC-buggy and totally outdated compared to current upstream. It's also never been in a stable release. Cheers, Moritz

Bug#909538: RM: firebug -- RoQA; obsoleted with Firefox 60

2018-09-24 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Hi, please remove firebug. It no longer works with Firefox 60 and has been obsoleted by the Firefox Developer Tools, also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906841#10 Cheers, Moritz

Bug#890034: Backport of Perc 740/840 for Stretch

2018-09-20 Thread Moritz Muehlenhoff
On Thu, Sep 20, 2018 at 02:11:10PM +0200, Bernhard Schmidt wrote: > On Fri, Sep 14, 2018 at 12:37:40PM +0200, Moritz Muehlenhoff wrote: > > > I've pulled a number of upstream commits for the megaraid_sas driver which > > add > > support for the Perc 740/840 RAID controlle

Bug#909055: RM: ubiquity-extension/0.6.4~pre20140729-1

2018-09-17 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox ESR60 and dead upstream. Filed for removal from the archive in #909053, also remove it from stable. Cheers, Moritz

Bug#909054: RM: searchload-options -- RoQA; Dead upstream, broken with Firefox ESR60

2018-09-17 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Hi, please remove searchload-options. It's broken with Firefox ESR60 and dead upstream for a long time (#814563) Cheers, Moritz

Bug#909053: RM: ubiquity-extension -- RoQA; RC-buggy/broken with current Firefox, unmaintained, dead upstream

2018-09-17 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove ubiquity-extension, it's broken with Firefox ESR60, dead upstream (last release in Feb 2016, https://addons.mozilla.org/de/firefox/addon/mozilla-labs-ubiquity/), hasn't been updated since 2014 and has no active uploaders (#856776). Cheers,

Bug#909051: RM: stylish/2.0.3-2

2018-09-17 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm xul-ext-stylish is broken with Firefox ESR 60, removal from unstable was requested in #906828, also remove it from stretch. Cheers, Moritz

Bug#908972: RFA: hhvm -- HipHop Virtual Machine, a JIT replacement for PHP - main runtime

2018-09-16 Thread Moritz Muehlenhoff
Package: wnpp Severity: normal We (the current maintainers, Faidon and myself) are orphaning HHVM. Upstream has shifted development focus from a generic PHP runtime towards providing a Hack runtime (https://en.wikipedia.org/wiki/Hack_(programming_language). It's not a simple package to maintain

Bug#890034: Backport of Perc 740/840 for Stretch

2018-09-14 Thread Moritz Muehlenhoff
Hi, I've pulled a number of upstream commits for the megaraid_sas driver which add support for the Perc 740/840 RAID controllers to the Stretch kernel. Successfully tested with a H840 on a current Dell PowerEdge R440 and I've also tested the built kernel on a system which was previously

Bug#908534: RM: lyz/2.1.5-3-g895ff3a-1

2018-09-10 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Broken with Firefox 60, removal bug for sid is #908532 Cheers, Moritz

Bug#908532: RM: lyz -- RoQA; unmaintained, RC-buggy

2018-09-10 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Hi, please remove lyz. It's orphaned since 2015 without an adopter and now broken with the XUL deprecation in Firefox. Cheers, Moritz

Bug#908155: Coordination with upstream developers not universally applied

2018-09-07 Thread Moritz Muehlenhoff
On Fri, Sep 07, 2018 at 02:14:15PM +0100, Ian Jackson wrote: > Wouter Verhelst writes ("Bug#908155: Coordination with upstream developers > not universally applied"): > > To me, the core message of the current text is that you should ensure > > that bug reports which are not Debian-specific end

Bug#908155: Coordination with upstream developers not universally applied

2018-09-07 Thread Moritz Muehlenhoff
On Thu, Sep 06, 2018 at 11:29:52PM +0200, Thorsten Glaser wrote: > I’m trying to be constructive here, but in the end, I still > think that this was something package maintainers (at least > DDs) have read beforehand and signed up for, so there’s no > room to complain now, Good. Please subscribe

Bug#908167: Add firefox-esr-l10n-ne-np to task-nepali-desktop

2018-09-06 Thread Moritz Muehlenhoff
Package: tasksel Version: 3.45 Severity: wishlist I noticed that starting with the 60.x series Firefox ESR now provides a firefox-esr-l10n-ne-np language pack. That sounds like a useful thing to add to task-nepali-desktop Cheers, Moritz

Bug#908155: Coordination with upstream developers not universally applied

2018-09-06 Thread Moritz Muehlenhoff
Source: developers-reference Severity: normal "3.1.4. Coordination with upstream developers" says "You have to forward these bug reports to the upstream developers so that they can be fixed in a future upstream release." That's not the current/best practice for a number of packages, either

Bug#907887: dnsmasq: Update root DNSSEC trust anchor in stretch and jessie

2018-09-03 Thread Moritz Muehlenhoff
On Mon, Sep 03, 2018 at 05:18:41PM +0200, Santiago R.R. wrote: > Source: dnsmasq > Version: 2.72-3+deb8u2 > Severity: important > Tags: patch > > Hi Simon, > > The DNS Root Key Signing Key (KSK) Rollover is scheduled for 11 October > 2018 [1]. After this date, DNS resolvers will need to have the

Bug#907724: Don't ship with buster

2018-08-31 Thread Moritz Muehlenhoff
Source: twitter-bootstrap Severity: serious src:twitter-bootstrap is a 6.5 year old version of Bootstrap which is orphaned since 2013. "Current" packages are in the archive as src:twitter-bootstrap3. The vintage version should not be in buster, reverse deps should migrate to

Bug#906012: libxcursor: CVE-2015-9262

2018-08-27 Thread Moritz Muehlenhoff
On Mon, Aug 27, 2018 at 05:40:01PM +0800, Bjoern wrote: > -- Begin Quote: -- > From: Chris Lamb > To: 906...@bugs.debian.org > Cc: t...@security.debian.org > Subject: Re: libxcursor: CVE-2015-9262 > Date: Mon, 13 Aug 2018 08:18:27 +0100 > > [Message part 1 (text/plain,

Bug#907302: CVE-2018-15864 CVE-2018-15863 CVE-2018-15862 CVE-2018-15861 CVE-2018-15859 CVE-2018-15858 CVE-2018-15857 CVE-2018-15856 CVE-2018-15855 CVE-2018-15854 CVE-2018-15853

2018-08-26 Thread Moritz Muehlenhoff
Source: libxkbcommon Severity: important Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15862

Bug#907298: CVE-2018-15869

2018-08-26 Thread Moritz Muehlenhoff
Package: awscli Severity: grave Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15869 Cheers, Moritz

Bug#906770: README.Debian could use some clarificatons

2018-08-20 Thread Moritz Muehlenhoff
Source: jetty9 Severity: normal For my tests of the jetty9 security update for stretch (released as DSA 4278) I had looked into creating a test setup and the README.Debian confused me quite a bit (and external references usally refer to a totally different way to deploy Jetty using the upstream

Bug#906308: CVE-2018-14348

2018-08-16 Thread Moritz Muehlenhoff
Source: libcgroup Severity: grave Tags: security This was assigned CVE-2018-14348: https://bugzilla.suse.com/show_bug.cgi?id=1100365 (cgred seems to be cgrulesengd in Debian) Patch: https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/ Cheers, Moritz

Bug#906131: CVE-2018-14722

2018-08-14 Thread Moritz Muehlenhoff
Package: btrfsmaintenance Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2018/08/14/7 Cheers, Moritz

Bug#906012: libxcursor: CVE-2015-9262

2018-08-13 Thread Moritz Muehlenhoff
On Mon, Aug 13, 2018 at 08:18:27AM +0100, Chris Lamb wrote: > Hi security team, > > > libxcursor: CVE-2015-9262 > > I have prepared an update for stretch: > > libxcursor (1:1.1.14-1+deb9u2) stretch-security; urgency=high > >* Non-maintainer upload by the Security Team. >* Fix a

Bug#905863: RM: bugsx -- RoQA; RC_buggy, unmaintained, dead upstream, unused

2018-08-10 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Hi, please remove bugsx. It's RC-buggy since 3.5 years, upstream has vanished, it was missed the last stable release, it's unmaintained (last maintainer upload in 2010) and unused per popcon. Cheers, Moritz

Bug#905861: RM: pavuk -- RoQA; dead upstream, RC-buggy, alternatives exist

2018-08-10 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Hi, please remove pavuk. Noone objected to my proposed removal in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859540#19 for almost three months. Quoting in full: | Let's just remove it, the version currently in the archive has virtually no | users

Bug#905862: RM: sslscan -- RoQA; incompatible with OpenSSL 1.1, won't get ported

2018-08-10 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Hi, please remove sslscan. The package is unmaintained and incompatible with OpenSSL 1.1 (and upstream has indicated that they won't port it to 1.1 in https://github.com/rbsec/sslscan/issues/108) Cheers, Moritz

Bug#875477: slrn only uses TLSv1.0

2018-08-03 Thread Moritz Muehlenhoff
On Mon, Sep 11, 2017 at 07:33:39PM +0200, Friedemann Stoyan wrote: > Package: slrn > Version: 1.0.3+dfsg-1 > Severity: normal > > Dear Maintainer, > > I noticed that slrn only uses TLSv1.0 when connecting over SSL: > > 8 0.003899 2001:db8::119 2001:db8::119 48650 563 TLSv1

Bug#905215: CVE-2018-2941

2018-08-01 Thread Moritz Muehlenhoff
Source: openjfx Severity: grave Tags: security http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html fixed CVE-2018-2941 in JavaFX, which should affect our openjfx package. Cheers, Moritz

Bug#904113: CVE-2018-11489

2018-07-19 Thread Moritz Muehlenhoff
Source: giflib Severity: important Tags: security https://sourceforge.net/p/giflib/bugs/112/

Bug#904114: CVE-2018-11490

2018-07-19 Thread Moritz Muehlenhoff
Source: giflib Severity: important Tags: security https://sourceforge.net/p/giflib/bugs/113/

Bug#904112: CVE-2018-2598

2018-07-19 Thread Moritz Muehlenhoff
Source: mysql-workbench Severity: grave Tags: security https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2598

Bug#903859: CVE-2018-14054

2018-07-15 Thread Moritz Muehlenhoff
Source: mp4v2 Severity: important Tags: security Please see http://www.openwall.com/lists/oss-security/2018/07/13/1 Cheers, Moritz

  1   2   3   4   5   6   7   8   9   10   >